Such units are used in operations implementing cryptographic systems and take a monolithic form. They are either produced on a single silicon chip or assembled on a substrate and embedded in a resin or protected by a sheet covering the different elements, the sheet acting as a fuse in the event of an attempted intrusion.
These security processors have a first memory zone, called the bootstrap, that is executed when the processor is powered up or at each reset. This memory is of the ROM type, namely Read Only Memory.
During the execution of the start-up program, this program verifies the second memory zone, which is of the rewritable type, usually EEPROM, NVRAM or Flash. This verification is important as it serves to ensure that the data in this second zone is valid, namely that it really constitutes a program (at least in part). This verification can be carried out in various ways, such as computing an imprint (CRC, hash) of the data and comparing this imprint with a value stored in the same zone.
Once the master program that was started first has completed its verification, it hands over to the second zone and begins the execution of the user program at a conventional address.
The particularity of this type of processor is that, while the program in the second zone is executing, it does not have free access to the memory of the first zone. This access is either definitively prohibited or subject to a verification mechanism (a password, for example).
This offers an important security benefit because the verification means, as well as the start-up data, are not accessible to the user program. All the data contained in the first zone is thus protected from any intrusion.
This first bootstrap zone may, in addition to a part in read-only memory (ROM), include a rewritable part of memory that is subject to the same security conditions.
When the first zone is of a very limited size, the verification program can be executed from the second zone. The latter is then divided into a verification part and a user part.
In that case, the verification of the user program is still carried out on the basis of the data of the first zone. Namely, it is carried out on the basis of a first key, generally stored in the first zone, which allows the imprint of the data of the second zone to be verified.
The second zone contains data constituting the program and a signature that is encrypted by this first key.
The verification program, which can be either in the first zone or in the verification part of the second zone, calculates a unique imprint (hash, CRC) over the data to be verified.
To verify that the data is correctly validated, the second zone contains the imprint encrypted by a key that is initially stored in the first zone. This key is used to decrypt the encrypted imprint and the result obtained is compared with the calculated imprint.
This key can be held in the first zone either in a definitive form (ROM) or in a programmed form (EEPROM or Flash, for example). In this second case, programming is carried out in a machine or in an authorized centre, for example. The program of the first zone accepts this programming as long as no key is already present in this memory location.
This key can be of the symmetric type, and thus secret, or of the asymmetric type. In this second variant, the key can be located in a memory zone other than the first zone because, even if a third party discovered this key, he would not be able to authenticate a modified data set, since the corresponding private key is needed to authenticate the data. Obviously, this key is not the one issued by the management centre that is responsible for preparing the data updates.
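The bootstrap check described above (keyed imprint stored after the program in the second zone, key held in the first zone, key slot programmable only while still erased), as an added example that is not part of the original text. It assumes the symmetric variant and realises the "imprint encrypted by the key" as an HMAC-SHA256; the zone layout, key length and sample data are constructed for the example.

```python
import hashlib
import hmac

IMPRINT_LEN = 32                      # SHA-256 output size
ERASED_SLOT = b"\xff" * IMPRINT_LEN   # erased EEPROM/Flash key slot (constructed)
ZONE1_KEY = hashlib.sha256(b"constructed example key").digest()

def imprint(program: bytes, key: bytes) -> bytes:
    # Keyed imprint over the program data; HMAC-SHA256 is an assumption
    # standing in for "the imprint encrypted by the first-zone key".
    return hmac.new(key, program, hashlib.sha256).digest()

def build_zone2(program: bytes, key: bytes) -> bytes:
    # Constructed layout of the rewritable zone: [program | imprint].
    return program + imprint(program, key)

def verify_zone2(zone2: bytes, key: bytes) -> bool:
    # Recompute the imprint over the program part and compare it in
    # constant time with the value stored at the end of the zone.
    if len(zone2) <= IMPRINT_LEN:
        return False
    program, stored = zone2[:-IMPRINT_LEN], zone2[-IMPRINT_LEN:]
    return hmac.compare_digest(imprint(program, key), stored)

def program_key_slot(slot: bytes, new_key: bytes) -> bytes:
    # The first-zone program accepts a key only while the slot is still
    # erased; an already-programmed slot is left unchanged.
    return new_key if slot == ERASED_SLOT else slot

def boot(zone1_key: bytes, zone2: bytes):
    # Bootstrap: hand over to the user program only if the zone verifies.
    if not verify_zone2(zone2, zone1_key):
        return None
    return zone2[:-IMPRINT_LEN]
```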
The data of the second memory zone can represent either one or several programs, either important data such as rights or decryption keys, or a combination of both.
One of the known types of attack used to discover the contents of the second zone is to search for a security flaw, such as a memory overflow, that allows control of the processor to be taken. Once control has been taken, a third party transfers the contents of the second zone to the exterior and is able to analyse the security mechanism and the keys used.
With knowledge of the contents of the second memory zone, the third party holds the keys that serve to manage the different rights and the access to the services controlled by this processor.
Consequently, if a change of keys is initiated by the management centre, the change command will be encrypted with a key present in the second memory zone. The third party, who knows this key, can decrypt this message and also obtain the contents of the new key.
It is therefore apparent that, although a secure mechanism has been used to verify the contents of the program zone (second zone), once security has been violated none of the changes initiated by the management centre has any effect on security, because the means of change (a new transmission key, for example) rely on keys that the third party already possesses. He can thus decipher the update message and also change his transmission key. The breach cannot be closed even once the security flaw has been corrected in the application.